Feat/588 timelocks

[Ramarti]

Adds timelocked action execution in accordance to issue #558

• Timelocked (delayed) actions are defined by using the method setActionDelay in VaultAuthorizer
• setActionDelay is in itself a delayed action, initially set with a delay of 1h
• Only a special kind of contract, DelayedCall can trigger a delayed action
• DelayedCalls are deployed calling VaultAuthorizer.deployDelayedCall by an account with permission granted for the actionId that would be triggered by DelayedCall
• DelayedCalls trigger can be permissionless or restricted to accounts with global permission granted for the correspondent actionId. This option is set when deploying them.
• DelayedCalls cancellation is restricted to accounts with global permission granted for the correspondent actionId

[nventuro]

(I force-pushed a revised history where only the new commits are added, as squash-merging doesn't play nice with using branchs this way, particularly when merging back to the feature branch)

[TomAFrench]

Hey Raúl 👋. Was having a quick snoop through this PR and I have a question about the permissioning for delayed actions.

DelayedCalls are deployed calling VaultAuthorizer.deployDelayedCall by an account with global permission granted for the actionId that would be triggered by DelayedCall

Considering we know the value of where for the DelayedCall to be deployed why would we not allow users for which AccessControl.hasRole(actionId, account, where) == true queue up this action?

[Ramarti]

Hey Raúl wave. Was having a quick snoop through this PR and I have a question about the permissioning for delayed actions.

DelayedCalls are deployed calling VaultAuthorizer.deployDelayedCall by an account with global permission granted for the actionId that would be triggered by DelayedCall

Considering we know the value of where for the DelayedCall to be deployed why would we not allow users for which AccessControl.hasRole(actionId, account, where) == true queue up this action?

Hi Tom, actually I just described it incorrectly, the method does actually allow for specific contracts:

    function deployDelayedCall(
        bytes32 actionId,
        address where,
        uint256 value,
        bytes calldata data,
        bool permissionedTrigger
    ) external returns (address) {
        require(AccessControl.hasRole(actionId, msg.sender, where), "Invalid permission");
        uint256 delay = _actionDelays[actionId];
        require(delay > 0, "Not a delayed action");
        DelayedCall delayedCall = new DelayedCall(data, where, value, this, this, permissionedTrigger, actionId);
        _delayedCalls[actionId].add(address(delayedCall));
        emit DelayedCallScheduled(actionId, address(delayedCall), where, value, data, delay);
        return address(delayedCall);
    }
    

I'm going to update the description

[nventuro]

@facuspagnuolo is basing his work on the authorizer revamp milestone on this and other unmerged PRs, closing as this will be superceded by those.